Commit

add container image
MrMarble committed Nov 22, 2024
1 parent c4faf32 commit 7f6dd47
Showing 8 changed files with 171 additions and 0 deletions.
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -6,3 +6,4 @@ node_modules/
/playwright/.auth/
.vscode
.env
*.keytab
12 changes: 12 additions & 0 deletions docker/.dockerignore
@@ -0,0 +1,12 @@
.gitignore
*.md
.git
.vscode
.github
.husky
test-results
playwright-report
user.json
Dockerfile
node_modules
.env
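Review bot: the list omits `playwright/.auth`, which the repository `.gitignore` excludes as `/playwright/.auth/`, so the Dockerfile's final `COPY --chown=1001 . /app` copies any saved Playwright auth state from the build context into the image. Add `playwright/.auth` here. `docker/krb5.keytab` is likewise copied a second time under `/app/docker/`; it can only be excluded with `**/*.keytab` once the keytab is delivered at run time instead of by `COPY`. Also, bare entries such as `Dockerfile`, `user.json` and `*.md` match only at the context root, and the README builds from the project root, so `docker/Dockerfile` and `docker/README.md` are still copied; use `**/Dockerfile` and `**/*.md` if excluding them is the intent.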
47 changes: 47 additions & 0 deletions docker/Dockerfile
@@ -0,0 +1,47 @@
FROM registry.redhat.io/ubi9/ubi:9.5 as base

ENV LANG=C.UTF-8
ENV LC_ALL=C.UTF-8
ENV KRB5CCNAME=/tmp/cache

COPY docker/krb5.conf /etc/krb5.conf
COPY docker/install-certs.sh /install-certs.sh
COPY docker/auth.sh /auth.sh

RUN ./install-certs.sh $RH_CERT_URL \
&& yum update -y \
&& yum install -y wget git krb5-workstation \
# Playwright dependencies
libxcb libXdamage libXcursor libXext libXcomposite libXrandr \
libXi pango cairo cairo-gobject libXrender gtk3 atk gdk-pixbuf2 \
# NodeJS
&& yum module install -y nodejs:20/common \
&& yum clean all \
&& npm install -g yarn \
&& chmod 755 /krb5 \
&& mkdir -p /var/lib/sss/pubconf/krb5.include.d \
&& chmod 755 /etc/krb5.conf.d \
&& chown -R 1001:0 /etc/krb5.conf.d \
&& chown 1001:0 /etc/krb5.conf \
&& chown -R 1001:0 /krb5

FROM base as build

WORKDIR /app
ENV PLAYWRIGHT_BROWSERS_PATH=0

COPY --chown=1001 package.json /app/package.json
COPY --chown=1001 yarn.lock /app/yarn.lock
COPY --chown=1001 playwright.config.ts /app/playwright.config.ts
COPY --chown=1001 tsconfig.json /app/tsconfig.json
COPY --chown=1001 docker/krb5.conf.d /etc/krb5.conf.d
COPY --chown=1001 docker/krb5.keytab /krb5/krb5.keytab

RUN yarn install --frozen-lockfile \
&& yarn playwright install chromium firefox

COPY --chown=1001 . /app

USER 1001

CMD ["/bin/sh"]
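Review bot: `COPY --chown=1001 docker/krb5.keytab /krb5/krb5.keytab` in the build stage writes a long-lived Kerberos key into an image layer, so anyone who can pull the image or read a registry copy can extract it and authenticate as that principal. Deliver the keytab at run time instead, for example as a read-only volume or secret mounted at `/krb5/krb5.keytab`, and drop the COPY. Separately, in the base stage `chmod 755 /krb5` and `chown -R 1001:0 /krb5` run before anything visible in this file creates `/krb5`; unless the base image ships that directory the `&&` chain stops there, so add `mkdir -p /krb5` ahead of the `chmod`.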
62 changes: 62 additions & 0 deletions docker/README.md
@@ -0,0 +1,62 @@
# OSIM UI + Kerberos Tests Container

This is the container that is used to run the tests on the CI/CD pipeline. It is based on redhat's ubi9 image and has the necessary dependencies to run the tests.

## Building the container
Before building the container, you need to prepare some files.

1. Create a `krb5.keytab` file in the `docker` directory. This file is used to authenticate with kerberos.
```bash
$ ktutil
ktutil: addent -password -p <principal> -k 1 -e aes256-cts-hmac-sha1-96 -f
ktutil: wkt krb5.keytab
ktutil: quit
```
2. Create a `crypto-policies` file in the `krb5.conf.d` directory. You should have this file in `/etc/krb5.conf.d/` or `/usr/bin/krb5-conf/` on your machine.


3. Provide the correct realm configuration in a file inside the `krb5.conf.d` directory. You should have this file in `/etc/krb5.conf` on your machine.


That should look like this:
```bash
|-- docker
| |-- krb5.conf.d
| | |-- crypto-policies
| | |-- realm # name of the file is not important
| |-- krb5.keytab
| |-- krb5.conf
| |-- Dockerfile
```

After preparing the files, you can build the container using the following command:

> [!IMPORTANT]
> Make sure to run the command from the root of the project.
> (outside of the docker folder)
```bash
podman build -t osim-ui-tests -f docker/Dockerfile --ignorefile docker/.dockerignore .
# to install RH certificates add --env RH_CERT_URL=<url> to the command
```

## Running the container
Make sure to provide the required [environment variables](/README.md#required-environment-variables) when running the container:

```bash
podman run --rm -it --env-file .env osim-ui-tests
```

## Running the tests

You need to authenticate with kerberos before running the tests. You can do this by running the script **inside the container**:

```bash
sh /auth.sh
```

After authenticating, you can run the tests using the following command:

```bash
yarn test
```
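Review bot: step 1 under "Building the container" should state that `krb5.keytab` is equivalent to the principal's password and that the build copies it into the image, so the resulting image has to be handled as a secret (private registry only, not published as a CI artifact) and the principal's password rotated if the image leaks. Also, the introduction says the container runs on the CI/CD pipeline, but "Running the container" and "Running the tests" only describe an interactive `-it` session with a manual `sh /auth.sh`; document the non-interactive invocation the pipeline is expected to use.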
6 changes: 6 additions & 0 deletions docker/auth.sh
@@ -0,0 +1,6 @@
#!/bin/sh

principal="$( klist -kt /krb5/krb5.keytab | grep -Eo -m1 '\w+@[A-Z.]+' )"

kinit -k -t /krb5/krb5.keytab $principal
klist -c /tmp/cache
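Review bot: the principal extracted on the `klist -kt` line is never validated and is passed unquoted in `kinit -k -t /krb5/krb5.keytab $principal`. The pattern `\w+@[A-Z.]+` cannot match a name containing `/`, `-` or `.`, or a realm containing digits, so a service principal of the form `name/host@REALM` is cut down to `host@REALM`, and an empty match leaves `kinit` to fall back to a default principal. Quote `"$principal"`, exit with an error when it is empty, and add `set -eu` so a failed `kinit` is not masked by the exit status of the final `klist`. `klist -c /tmp/cache` also hard-codes the path the Dockerfile sets in `KRB5CCNAME`; plain `klist` would follow the variable.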
10 changes: 10 additions & 0 deletions docker/install-certs.sh
@@ -0,0 +1,10 @@
#!/bin/sh

if [[ -z "${1}" ]]; then
echo -e "\e[1;33mWARNING: RH_CERT_URL environment variable not set, internal RH resources won't be accessible\e[0m"
else
curl "${1}/certs/Current-IT-Root-CAs.pem" -o /etc/pki/ca-trust/source/anchors/Current-IT-Root-CAs.pem
mkdir -p /etc/ipa
curl "${1}/chains/ipa-ca-chain-2015.crt" -o /etc/ipa/ipa.crt
update-ca-trust
fi
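Review bot: both `curl` calls in the `else` branch install whatever the server returns as trust anchors, with no `-f`, no exit-status check and no integrity check. An HTTP error page or a response altered in transit is written to `/etc/pki/ca-trust/source/anchors/Current-IT-Root-CAs.pem` and `/etc/ipa/ipa.crt`, and `update-ca-trust` still runs. Use `curl -fsS`, start the script with `set -eu`, require an `https://` URL, and compare the downloaded files against a pinned SHA-256 or certificate fingerprint before calling `update-ca-trust`. The shebang is `#!/bin/sh` while `[[ ... ]]` and `echo -e` are bash features; either switch to `#!/bin/bash` or use `[ -z "$1" ]` and `printf`.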
31 changes: 31 additions & 0 deletions docker/krb5.conf
@@ -0,0 +1,31 @@
# To opt out of the system crypto-policies configuration of krb5, remove the
# symlink at /etc/krb5.conf.d/crypto-policies which will not be recreated.
includedir /etc/krb5.conf.d/

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
pkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crt
spake_preauth_groups = edwards25519
dns_canonicalize_hostname = fallback
qualify_shortname = ""
# default_realm = EXAMPLE.COM
default_ccache_name = KEYRING:persistent:%{uid}

[realms]
# EXAMPLE.COM = {
# kdc = kerberos.example.com
# admin_server = kerberos.example.com
# }

[domain_realm]
# .example.com = EXAMPLE.COM
# example.com = EXAMPLE.COM
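Review bot: in `[libdefaults]`, `forwardable = true` together with `ticket_lifetime = 24h` and `renew_lifetime = 7d` requests delegatable tickets that stay usable far longer than a test run needs. Unless the tests depend on delegation, set `forwardable = false` and shorten both lifetimes. `default_ccache_name = KEYRING:persistent:%{uid}` is also overridden by `ENV KRB5CCNAME=/tmp/cache` in the Dockerfile, so drop it or set it to the same file path. The `[logging]` entries for `kdc` and `admin_server` are server-side settings, and nothing in this commit makes the `/var/log` targets writable by user 1001.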
2 changes: 2 additions & 0 deletions docker/krb5.conf.d/.gitignore
@@ -0,0 +1,2 @@
*
!.gitignore
